The Un-Official Proxomitron Forum / Proxomitron Filters / Privacy/Security/Spam / Mozilla browser "about:" exploit


Post Reply 
Mozilla browser "about:" exploit
Dec. 08, 2004, 05:17 PM
Post: #2
sidki3003 Offline
Administrator
*******
 		Posts: 1,458
Joined: Mar 2004
 
I don't know which tags would be exploitable, but a common practice to create popups - including requested ones - is opening them as "about:blank" and then writing content to them via a script.

A fairly speedy way to cover all tags that can have a "src" attribute is:
Code:
[Patterns]
Name = "<*>: Cover "src" Tags"
Active = FALSE
Bounds = "<[efils]*>"
Limit = 4096
Match = "*\ssrc=$AV(*this*)*"
Replace = "that"
There is one tag that isn't covered this way - <applet src=...> - but adding "a" would slow things down considerably and "src" is used rarely there - Mozilla doesn't even accept it.

sidki
Add Thank You Quote this message in a reply
Post Reply 


Messages In This Thread
[] - Siamesecat - Dec. 08, 2004, 08:08 AM
[] - sidki3003 - Dec. 08, 2004 05:17 PM
[] - Siamesecat - Dec. 09, 2004, 06:30 AM
[] - sidki3003 - Dec. 09, 2004, 12:09 PM
[] - Kye-U - Dec. 09, 2004, 08:55 PM
[] - Siamesecat - Dec. 10, 2004, 07:39 AM
[] - Siamesecat - Dec. 10, 2004, 08:13 AM
[] - sidki3003 - Dec. 10, 2004, 12:32 PM
[] - Siamesecat - Dec. 12, 2004, 07:21 AM
[] - sidki3003 - Dec. 12, 2004, 05:16 PM
[] - Oddysey - Dec. 12, 2004, 05:56 PM
[] - sidki3003 - Dec. 12, 2004, 07:17 PM
[] - sidki3003 - Dec. 12, 2004, 08:21 PM
[] - Oddysey - Dec. 12, 2004, 11:09 PM
[] - sidki3003 - Dec. 13, 2004, 02:32 AM
[] - Kye-U - Dec. 15, 2004, 04:40 AM
[] - Kye-U - Dec. 25, 2004, 07:37 AM

Forum Jump:


Contact Us | The Un-Official Proxomitron Site | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication